[Cosmo-dev] current-user-privilege-set and tickets

Lisa Dusseault lisa at osafoundation.org
Wed Aug 23 14:34:11 PDT 2006 

On Aug 22, 2006, at 2:27 PM, Brian Moseley wrote:

> On 8/22/06, Jeffrey Harris <jeffrey at osafoundation.org> wrote:
>
>> My feeling is that clients will only log in with one set of  
>> credentials,
>> username or a ticket, and they just want to know what they can do  
>> on the
>> server.  They don't care how they gained privileges.
>
> that may be true for some clients, but i doubt it will be true for  
> all.

What do you see as a different use case?  Why would a user want to  
know if they have write permission and care whether they've obtained  
it  via a ticket or ACL?

The client cases I can imagine this for are:
	- Verifying likely success before attempting a large PUT
	- Ability to grey out or enable GUI affordances like a "move" button  
and "delete" button
	- Ability to make fields editable or not appropriately

All of these are better served by having a summary of "what can I do  
here"

>
>> If I understand Brian correctly, he feels that tickets and user
>> authentication are quite different and should not be conflated.
>
> right. i suggested that we could support a (non-standard)
> current-ticket-privilege-set. this would not break the abstractions of
> cosmo's security model or confuse the modularity of the code.
>
> note that you shouldn't merge the results of user or ticket privilege
> queries. if the request carries user credentials, and that user has
> created several tickets on the resource, then all of those ticket
> infos will be reported in the ticketdiscovery property, even if they
> have nothing to do with the request's authentication state. this is
> another argument for having a current-ticket-privilege-set property.

I don't follow the argument.  I agree ACL queries are one thing, and  
ticket queries are another, but CUPS basically asks "What can I do on  
this resource right now?" and thus the answer can ignore those  
tickets that aren't relevant to the permissions that would be applied  
to this user/session/request.   Perhaps CUPS would have been better  
named "Current context privilege set" or just "current privilege  
set"; if it were would you feel the same way about it?

Lisa

More information about the cosmo-dev mailing list